CVE-2013-0162
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
01/03/2013
Last modified:
11/04/2025
Description
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
Impact
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ryan_davis:ruby_parser:*:*:*:*:*:*:*:* | 3.1.1 (including) | |
| cpe:2.3:a:ryan_davis:ruby_parser:1.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ryan_davis:ruby_parser:2.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ryan_davis:ruby_parser:2.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ryan_davis:ruby_parser:2.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ryan_davis:ruby_parser:2.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ryan_davis:ruby_parser:2.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ryan_davis:ruby_parser:2.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ryan_davis:ruby_parser:2.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ryan_davis:ruby_parser:2.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ryan_davis:ruby_parser:2.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ryan_davis:ruby_parser:2.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ryan_davis:ruby_parser:2.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ryan_davis:ruby_parser:3.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ryan_davis:ruby_parser:3.0.0.a1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page